Method and Apparatus for Policy Attributes Exchange Between Security Policy Management Platforms and 5G as a Service Platforms

1. A computer-implemented method comprising: detecting that a device has connected to a private cellular network, wherein the device is associated with a device group, and wherein the device group is associated with an access policy applicable within an enterprise network and the private cellular network; in response to the detecting, generating a determination corresponding to a policy effectiveness associated with the access policy implemented in the device group, wherein the determination is generated based on a version of the access policy implemented in the enterprise network and a version of the access policy implemented in the device group, wherein the private cellular network was notified of the version of the access policy implemented in the enterprise network as an update that has not yet been applied to the device group; determining whether the version of the access policy implemented in the enterprise network matches the version of the access policy implemented at the device; in response to the determining resulting in a mismatch: obtaining the version of the access policy implemented in the enterprise network; and applying the version of the access policy implemented in the enterprise network for the device and other devices associated with the device group; in response to the determining resulting in a match: applying the version of the access policy implemented in the enterprise network to the other devices associated with the device group; determining an effectiveness of the version of the access policy implemented in the enterprise network on the private cellular network; and providing, to the enterprise network, a recommendation for a policy exception to be applied at the device group based on the effectiveness.

2. The computer-implemented method of claim 1, wherein the policy exception corresponds to a characteristic of the private cellular network.

3. The computer-implemented method of claim 1, wherein the version of the access policy implemented at the enterprise network is determined through secondary authorization associated with the enterprise network.

4. The computer-implemented method of claim 1, wherein applying the access policy implemented in the enterprise network includes: signaling an update on to a session management function associated with the private cellular network for application via a user plane function associated with the private cellular network.

5. The computer-implemented method of claim 1, wherein the access policy implemented in the enterprise network is determined based on a notification associated with the enterprise network, wherein the notification indicates a set of updates to use cases supported by the private cellular network, and wherein the use cases are associated with the device group.

6. A system, comprising: one or more processors; and memory storing thereon instructions that, as a result of being executed by the one or more processors, cause the system to: detect that a device has connected to a private cellular network, wherein the device is associated with a device group, and wherein the device group is associated with an access policy applicable within an enterprise network and the private cellular network; in response to the detecting, generate a determination corresponding to a policy effectiveness associated with the access policy implemented in the device group, wherein the determination is generated based on version of the access policy implemented in the enterprise network a version of the access policy implemented in the device group, wherein the private cellular network was notified of the version of the access policy implemented in the enterprise network as an update that has not yet been applied to the device group; determine whether the version of the access policy implemented in the enterprise network matches the version of the access policy implemented in the device; in response to the determining resulting in a mismatch: obtain the version of the access policy implemented in the enterprise network; and apply the version of the access policy implemented in the enterprise network for the device and other devices associated with the device group; in response to the determining resulting in a match: applying the version of the access policy implemented in the enterprise network to the other devices associated with the device group; determine an effectiveness of the version of the access policy implemented in the enterprise network on the private cellular network; and provide, to the enterprise network, a recommendation for a policy exception to be applied at the device group based on the effectiveness.

7. The system of claim 6, wherein the policy exception corresponds to a characteristic of the private cellular network.

8. The system of claim 6, wherein the version of the access policy implemented in the enterprise network is determined through secondary authorization associated with the enterprise network.

9. The system of claim 6, wherein the instructions that cause the system to apply the version of the access policy implemented in the enterprise network further cause the system to: signal an update on to a session management function associated with the private cellular network for application via a user plane function associated with the private cellular network.

10. The system of claim 6, wherein the version of the access policy implemented in the enterprise network is determined based on a notification associated with the enterprise network, wherein the notification indicates a set of updates to use cases supported by the private cellular network, and wherein the use cases are associated with the device group.

11. A non-transitory, computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to: detect that a device has connected to a private cellular network, wherein the device is associated with a device group, and wherein the device group is associated with an access policy applicable within an enterprise network and the private cellular network; in response to the detecting, generate a determination corresponding to a policy effectiveness associated with the access policy implemented in the device group, wherein the determination is generated based on a version of the access policy implemented in the enterprise network and a version of the access policy implemented in the device group, wherein the private cellular network was notified of the version of the access policy implemented in the enterprise network as an update that has not yet been applied to the device group; determine whether the version of the access policy implemented in the enterprise network matches the version of the access policy implemented in the device; in response to the determining resulting in a mismatch: obtain the version of the access policy implemented in the enterprise network; and apply the version of the access policy implemented in the enterprise network for the device and other devices associated with the device group; in response to the determining resulting in a match: applying the version of the access policy implemented in the enterprise network to the other devices associated with the device group; determining an effectiveness of the version of the access policy implemented in the enterprise network on the private cellular network; and providing, to the enterprise network, a recommendation for a policy exception to be applied at the device group based on the effectiveness.

12. The non-transitory, computer-readable storage medium of claim 11, wherein: the determination indicates that the version of the access policy implemented in the private cellular network is ineffective for the device group; and update to the access policy is applied during a subsequent connection by the device to the private cellular network.

13. The non-transitory, computer-readable storage medium of claim 11, wherein the policy exception corresponds to a characteristic of the private cellular network.

14. The non-transitory, computer-readable storage medium of claim 11, wherein the version of the access policy implemented in the enterprise network is determined through secondary authorization associated with the enterprise network.

15. The non-transitory, computer-readable storage medium of claim 11, wherein the executable instructions that cause the computer system to apply the access policy implemented in the enterprise network further cause the computer system to: signal an update on to a session management function associated with the private cellular network for application via a user plane function associated with the private cellular network.

16. The non-transitory, computer-readable storage medium of claim 11, wherein the version of the access policy implemented in the enterprise network is determined based on a notification associated with the enterprise network, wherein the notification indicates a set of updates to use cases supported by the private cellular network, and wherein the use cases are associated with the device group.

17. The computer-implemented method of claim 1, wherein the version of the access policy of the enterprise network provides rate limit for network traffic for a device group independent of access connectivity.

18. The computer-implemented method of claim 17, wherein the recommendation is to provide improved network connectivity within the private cellular network by determining the effectiveness of the rate limit.